CVE-2012-2095
Published 2014-04-07
Priority P3 · 34 · medium · 6.9 · CVSS 2.0
AV:L/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 0.80% (51.8th percentile)
The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| david_paleino | wicd | <= 1.7.1 | — |
| david_paleino | wicd | — | — |
| david_paleino | wicd | >= 0 < 1.7.2.4-1 | 1.7.2.4-1 |
| fedoraproject | fedora | — | — |
CVSS provenance
nvd · v2.0 · 6.9 MEDIUM · AV:L/AC:M/Au:N/C:C/I:C/A:C
osv · 6.9 MEDIUM
VulDB
David Paleino WICD up to 1.7.1 SetWiredProperty input validation (EDB-18733 / Nessus ID 58861)
vuldb·2026-05-09·CVSS 6.9
A vulnerability, which was classified as problematic, was found in David Paleino WICD. Affected by this vulnerability is the function SetWiredProperty. Executing a manipulation can lead to improper input validation.
This vulnerability is registered as CVE-2012-2095. The attack needs to be launched locally. Furthermore, an exploit is available.
You should upgrade the affected component.
GHSA
GHSA-9cx3-g38p-gmgm: The SetWiredProperty function in the D-Bus interface in WICD before 1
ghsa_unreviewed·2022-05-17
CVE-2012-2095 [MEDIUM] CWE-20
The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.
OSV
CVE-2012-2095: The SetWiredProperty function in the D-Bus interface in WICD before 1
osv·2014-04-07·CVSS 6.9
The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.
No detection rules found.
Bugzilla
CVE-2012-2095 wicd: broken filtering leads to arbitrary code execution [fedora-all]
bugzilla·2012-04-11·CVSS 6.9
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=
Bugzilla
CVE-2012-2095 wicd: broken filtering leads to arbitrary code execution [epel-6]
bugzilla·2012-04-11·CVSS 6.9
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=secu
Bugzilla
CVE-2012-2095 wicd: broken filtering leads to arbitrary code execution
bugzilla·2012-04-11·CVSS 6.9
It was reported [1],[2] that wicd suffered from a local privilege escalation flaw due to incomplete input sanitization. A local attacker could use this to inject arbitrary code through the DBus interface.
This has been corrected upstream [3] in the 1.7.2 release [4].
[1] http://seclists.org/fulldisclosure/2012/Apr/123
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668397
[3] http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/751
[4] https://launchpad.net/wicd/+announcement/9888
Discussion:
Created wicd tracking bugs for this issue
Affects: fedora-all [bug 811763]
Affects: epel-6 [bug 811764]
---
wicd-1.7.2.1-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persis
http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/751
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668397
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079025.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079029.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079055.html
http://secunia.com/advisories/48759
http://secunia.com/advisories/49657
http://www.exploit-db.com/exploits/18733
http://www.gentoo.org/security/en/glsa/glsa-201206-08.xml
http://www.infosecinstitute.com/courses/ethical-hacking-wicd-0day.html
http://www.openwall.com/lists/oss-security/2012/04/11/2
http://www.openwall.com/lists/oss-security/2012/04/11/3
http://www.securityfocus.com/bid/52987
https://bugs.launchpad.net/wicd/+bug/979221
https://launchpad.net/wicd/+announcement/9888